When configuring MAC table management, go to these sections for information you are interested in:

- Introduction to MAC Address Table Management
- Configuring MAC Address Table Management
- Displaying MAC Address Table Management
- MAC Address Table Management Configuration Example

The term "router" and the router icons in this document refer to routers in a generic sense and to switches running routing protocols.

1.1 Introduction to MAC Address Table Management
A device maintains a MAC address table for frame forwarding. Each entry in this table indicates the MAC address of a connected device, the interface to which this device is connected, and the VLAN to which the interface belongs.

A MAC address table consists of two types of entries: static and dynamic. Static entries are manually configured and never age out. Dynamic entries can be manually configured or dynamically learned and may age out.

The following is how your device learns a MAC address after it receives a frame from a port, Port 1 for example:

1) Check the frame for the source MAC address (MAC A for example).
2) Look up the MAC address table for an entry corresponding to the MAC address and do the following:
   - If an entry is found for the MAC address, update the entry.
   - If no entry is found, add an entry for the MAC address and indicate from which interface the frame is received.

When receiving a frame destined for MAC A, the device looks up the MAC address table and forwards it from port 1.

Dynamically learned MAC addresses cannot overwrite static MAC address entries, but the latter can overwrite the former.

As shown in Figure 1-1, when forwarding a frame, the device looks up the MAC address table. If an entry is available for the destination MAC address, the device forwards the frame directly from the hardware. If not, it does the following:

1) Broadcast the frame.
2) After the frame reaches the destination, the destination sends back a response with its MAC address. (If no response is received, the frame will be dropped.)
3) Upon receipt of the response, the device adds an entry in the MAC address table, indicating from which interface the frames destined for the MAC address should be sent.
4) Forward subsequent frames destined for the same MAC address directly from the hardware.
5) Discard the frames which cannot reach the destination MAC address.

Figure 1-1 Forward frames using the MAC address table

1.2 Configuring MAC Address Table Management
1.2.1 Configuring MAC Address Entries
Follow these steps to add, modify, or remove entries in the MAC address table:

| To do… | Use the command… | Remarks |
| --- | --- | --- |
| Enter system view | system-view | — |
| Add/modify a MAC address entry | mac-address { dynamic \| static } mac-address interface interface-type interface-number vlan vlan-id | Required |
| Add/modify a MAC address entry | mac-address blackhole mac-address vlan vlan-id | Required |
| Enter Ethernet interface view | interface interface-type interface-number | — |
| Add/modify MAC address entries under the specified interface view | mac-address { static \| dynamic } mac-address vlan vlan-id | Required |

1.2.2 Disabling Global MAC Address Learning
You may sometimes need to disable MAC address learning to prevent the MAC address table from being saturated, for example, when your device is being attacked by a large number of packets with different source MAC addresses.

Disabling global MAC address learning disables the learning function on all ports.

Follow these steps to disable MAC address learning:

| To do… | Use the command… | Remarks |
| --- | --- | --- |
| Enter system view | system-view | — |
| Disable global MAC address learning | mac-address mac-learning disable | Required. Enabled by default. |

1.2.3 Disabling MAC Address Learning on an Ethernet Port or Port Group
After enabling global MAC address learning, you may disable the MAC address learning function on a port as needed.

Follow these steps to disable MAC address learning on a port or port group:

| To do… | Use the command… | Remarks |
| --- | --- | --- |
| Enter system view | system-view | — |
| Enable global MAC address learning | undo mac-address mac-learning disable | Optional. Enabled by default. |
| Enter Ethernet interface view | interface interface-type interface-number | Use either command. In Ethernet interface view, the following configurations only take effect for the current port; in port group view, the configurations take effect for all ports. |
| Enter port group view | port-group { aggregation agg-id \| manual port-group-name } | Use either command. |
| Disable MAC address learning on an Ethernet interface or port group | mac-address mac-learning disable | Required. Enabled by default. |

1.2.4 Configuring MAC Address Aging Timer
The MAC address table on your device uses an aging mechanism for dynamic entries to prevent its resources from being exhausted. Configure the aging timer appropriately: a long aging interval may cause the MAC address table to retain outdated entries and fail to accommodate the latest network changes; a short interval may result in removal of valid entries and hence unnecessary broadcasts, which may affect device performance.

Follow these steps to configure the MAC address aging timer:

| To do… | Use the command… | Remarks |
| --- | --- | --- |
| Enter system view | system-view | — |
| Configure the aging timer for dynamic MAC address entries | mac-address timer { aging seconds \| no-aging } | Optional. 300 seconds by default. |

- The aging time of the MAC addresses applies to all ports. The MAC address aging timer takes effect only on dynamic MAC address entries (learned or administratively configured).
- An aging timer does not take effect immediately after being configured, but takes effect after the current aging period expires.

1.2.5 Configuring the Maximum Number of MAC Addresses an Ethernet Port or a Port Group Can Learn
To prevent a MAC address table from getting so large that it may degrade forwarding performance, you may restrict the number of MAC addresses that can be learned on a per-port or port group basis.

By using this command together with the static MAC address function, you can stop an interface or a port group from learning MAC addresses and allow only packets with the specified destination address to pass, which keeps illegal devices from accessing the network.

Follow these steps to configure the maximum number of MAC addresses that an Ethernet port or port group can learn:

| To do… | Use the command… | Remarks |
| --- | --- | --- |
| Enter system view | system-view | — |
| Enter Ethernet interface view | interface interface-type interface-number | Use either command. In the Ethernet interface view, the following configurations only take effect on the current port; in the port group view, the configurations take effect on all ports. |
| Enter port group view | port-group { manual port-group-name \| aggregation agg-id } | Use either command. |
| Configure the maximum number of MAC addresses that can be learned on an Ethernet port or port group, or configure whether frames with unknown destination MAC addresses can be forwarded after the upper limit is reached | mac-address max-mac-count { count \| disable-forwarding } | Required. The default maximum number of MAC addresses that can be learned is 14336. After the upper limit is reached, frames with unknown destination MAC addresses are forwarded by default. |

A frame with the destination MAC address listed in the MAC address table will always be forwarded, no matter whether the disable-forwarding keyword is configured or not.
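
The learning rule from section 1.1 and the per-port limit described above can be modelled together to see how the limit bounds table growth when many source MAC addresses arrive on one port. The Python below is an added example, not H3C code: the class and function names are hypothetical, the frames are constructed, and it assumes that only dynamically learned entries count toward the limit and that disable-forwarding is evaluated on the receiving port.

```python
from dataclasses import dataclass, field

@dataclass
class MacTable:
    """Toy model of one VLAN's MAC address table (all names are hypothetical)."""
    max_mac_count: dict = field(default_factory=dict)     # port -> learning limit
    disable_forwarding: set = field(default_factory=set)  # ports with the keyword set
    entries: dict = field(default_factory=dict)           # mac -> (port, kind)

    def add_static(self, mac, port):
        self.entries[mac] = (port, "static")              # static overwrites dynamic

    def learned_on(self, port):
        return sum(1 for p, kind in self.entries.values()
                   if p == port and kind == "dynamic")

    def limit_reached(self, port):
        limit = self.max_mac_count.get(port)
        return limit is not None and self.learned_on(port) >= limit

    def learn(self, src, port):
        current = self.entries.get(src)
        if current and current[1] == "static":
            return                                        # dynamic never overwrites static
        if current and current[0] == port:
            return                                        # known on this port: refresh only
        if self.limit_reached(port):
            return                                        # assumption: over-limit MACs are not learned
        self.entries[src] = (port, "dynamic")

    def receive(self, src, dst, port):
        """Learn from the source, then return the egress port, 'flood' or 'drop'."""
        self.learn(src, port)
        if dst in self.entries:
            return self.entries[dst][0]                   # listed destination: always forwarded
        if self.limit_reached(port) and port in self.disable_forwarding:
            return "drop"                                 # unknown destination, limit reached
        return "flood"

def simulate(limit=None, block_unknown=False, frames=1000):
    """Feed constructed frames with distinct source MACs into one access port."""
    port, uplink = "GigabitEthernet1/2/1", "GigabitEthernet1/2/2"
    table = MacTable({port: limit} if limit is not None else {},
                     {port} if block_unknown else set())
    table.add_static("00ea-fc35-dc71", uplink)
    for i in range(frames):
        table.receive(f"0200-0000-{i:04x}", "00ea-fc35-dc71", port)
    spoof = table.receive("00ea-fc35-dc71", "0200-ffff-ffff", port)  # source = static MAC
    return table.learned_on(port), table.entries["00ea-fc35-dc71"], spoof
```

`simulate()` returns the number of entries learned on the access port, the unchanged static entry, and the decision for a frame with an unknown destination; compare the result without a limit against `simulate(limit=2, block_unknown=True)`.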
1.2.6 Configuring the Maximum Number of MAC Addresses a VLAN Can Learn
To prevent a MAC address table from getting so large that it may degrade forwarding performance, you may restrict the number of MAC addresses that can be learned. One approach is to do this on a per-VLAN basis.

Follow these steps to configure the maximum number of MAC addresses that a VLAN can learn:

| To do… | Use the command… | Remarks |
| --- | --- | --- |
| Enter system view | system-view | — |
| Enter VLAN view | vlan vlan-id | — |
| Configure the maximum number of MAC addresses that can be learned on a VLAN | mac-address max-mac-count count | Required. 172032 by default. |

- Since there are no Layer 2 physical ports in a Super VLAN, the number of learned MAC addresses is always 0. It is meaningless to configure the maximum number of MAC addresses that the Super VLAN can learn.
- When you execute the mac-address max-mac-count count command, if the number of MAC addresses learned by the current VLAN already exceeds the configured value of the count argument, the switch will neither remove the excess MAC address entries nor learn new MAC addresses until the number of MAC address entries becomes less than count through MAC address entry aging.

1.3 Displaying MAC Address Table Management

| To do… | Use the command… | Remarks |
| --- | --- | --- |
| Display MAC address table information | display mac-address [ mac-address [ vlan vlan-id ] \| [ dynamic \| static ] [ interface interface-type interface-number ] [ vlan vlan-id ] [ count ] ] | Available in any view |
| Display MAC address table information | display mac-address blackhole [ vlan vlan-id ] [ count ] | Available in any view |
| Display the aging timer for dynamic MAC address entries | display mac-address aging-time | Available in any view |
| Display the capability of system and port to learn MAC addresses dynamically | display mac-address mac-learning [ interface-type interface-number ] | Available in any view |

1.4 MAC Address Table Management Configuration Example
I. Network requirements
Log onto your device from the console port to configure MAC address table management as follows:

- Set the aging timer to 500 seconds for dynamic MAC address entries.
- Add a static entry 00EA-FC35-DC71 for port GigabitEthernet 1/2/1 in VLAN 25.

II. Configuration procedure
# Add a static MAC address entry (showing the VLAN to which it belongs, port and status).
<Sysname> system-view
[Sysname] mac-address static 00ea-fc35-dc71 interface GigabitEthernet 1/2/1 vlan 25
# Set the aging timer for dynamic MAC address entries to 500 seconds.
[Sysname] mac-address timer aging 500
# Display the MAC address entry in any view.
[Sysname] display mac-address interface GigabitEthernet 1/2/1
MAC ADDR        VLAN ID  STATE          PORT INDEX            AGING TIME(s)
00ea-fc35-dc71  25       Config static  GigabitEthernet1/2/1  NOAGED
--- 1 mac address(es) found on port GigabitEthernet1/2/1 ---
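
To check that a port holds only the entries you configured, the display mac-address output can be parsed and compared with the intended static entries. The Python below is an added example, not part of the original manual: the function names are hypothetical, and the sample output is constructed, including the assumed "Learned" and "AGING" values for a dynamic entry.

```python
import re

# One table row of `display mac-address`; STATE may contain a space ("Config static").
ROW = re.compile(
    r"^(?P<mac>[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4})\s+(?P<vlan>\d+)\s+"
    r"(?P<state>.+?)\s+(?P<port>\S+)\s+(?P<aging>\S+)\s*$", re.IGNORECASE)

def parse_mac_table(text):
    """Return one dict per entry row; header, prompt and summary lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            row = m.groupdict()
            row["mac"], row["vlan"] = row["mac"].lower(), int(row["vlan"])
            rows.append(row)
    return rows

def audit(text, expected_static):
    """Compare parsed entries with the intended static entries {(mac, vlan): port}."""
    findings, seen = [], set()
    for r in parse_mac_table(text):
        key = (r["mac"], r["vlan"])
        if key not in expected_static:
            findings.append(
                f"unexpected {r['state']} entry {r['mac']} vlan {r['vlan']} on {r['port']}")
        elif r["state"].lower() != "config static" or r["port"] != expected_static[key]:
            findings.append(
                f"{r['mac']} vlan {r['vlan']} is {r['state']} on {r['port']}, "
                f"expected static on {expected_static[key]}")
        seen.add(key)
    findings += [f"missing static entry {mac} vlan {vlan}"
                 for (mac, vlan) in sorted(set(expected_static) - seen)]
    return findings

# Constructed sample: the static entry from this example plus one made-up learned entry.
SAMPLE = """\
MAC ADDR        VLAN ID  STATE          PORT INDEX            AGING TIME(s)
00ea-fc35-dc71  25       Config static  GigabitEthernet1/2/1  NOAGED
0200-0000-0001  25       Learned        GigabitEthernet1/2/1  AGING
--- 2 mac address(es) found on port GigabitEthernet1/2/1 ---
"""
EXPECTED = {("00ea-fc35-dc71", 25): "GigabitEthernet1/2/1"}
```

`audit(SAMPLE, EXPECTED)` reports the learned entry as unexpected; an empty result means the port shows exactly the configured static entries.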